Search Your Queries Related To Trilegal


RBI Working Group Report on Digital Lending

16 Dec 2021

Trilegal X iTechLaw Budget image
The RBI has published its Working Group’s report on regulating the country's digital lending ecosystem. In this update, we cover key aspects of the report such as recommendations for regulation of various players in the digital lending space, proposed security standards, data storage and transparency requirements and consumer protection.

On 18 November 2021, the Working Group on Digital Lending (WG) constituted by the Reserve Bank of India (RBI) published its report on the digital lending ecosystem, including lending through online platforms and mobile apps (Report).

The Report distinguishes digital lending from conventional lending on the basis of its use of digital technologies for lending processes such as credit assessment, loan approval, loan disbursement, loan repayment and customer service.

The recommendations and suggestions made by the WG are aimed at balancing the benefits of digital innovation with consumer interest. They also seek to protect the integrity of the digital lending system from unregulated or unauthorised entities carrying out lending business and prevent the digital lending ecosystem from causing disruption to existing players.

Key Recommendations

  • Regulation of Players in the Digital Lending Ecosystem

    The Report highlights the growth seen in digital lending sector over the last five years. While public sector banks and foreign banks largely depend on their own apps/websites for disbursal of digital loans, the dependency of private sector banks on outsourced digital lending apps (DLAs) is significantly higher. DLAs are mobile and web-based applications with user interface that facilitate borrowing by financial consumers from lenders. While DLAs are on the rise, the RBI has also been receiving increasing number of complaints against DLAs that are promoted by entities not regulated by the RBI. To address these concerns, the Report suggests regulating the various players in the digital lending ecosystem.

    The Report classifies the entities engaged in digital lending into two categories – balance sheet lenders (BSLs) and lending service providers (LSPs).

    • Balance sheet lenders

      BSLs are entities in the business of lending that carry the credit risk in their balance sheet/provide capital for associated credit risk. These entities are ordinarily RBI-regulated entities (RE) such as banks, nonbanking financial companies (NBFCs) or other entities registered for carrying out lending activities, such as moneylenders registered under State laws, chit fund companies, State finance corporations and credit societies.

      To regulate the functioning of DLAs i.e. mobile and web-based applications with a user interface facilitating the borrowing by a financial consumer from a digital lender, the Report provides recommendations for REs. One of the key recommendations is that balance sheet lending through DLA should be restricted to REs or entities registered under any other law for specifically undertaking lending business, for which a suitable notification may be issued by the appropriate authority. The Report cites the Ministry of Electronics and Information Technology as the appropriate authority for this purpose.

      While the restrictions on balance sheet lending to be carried out by REs have been envisaged with an aim to curb illegal or exploitative digital lending practices, this could have a significant impact on established business models where non-regulated entities or LSPs carry credit risk or have risk-sharing arrangements with their lending partners.

      The Report also proposes to specifically prohibit REs from entering into arrangements involving synthetic structures with unregulated entities such as First Loss Default Guarantee (FLDG) (i.e. an arrangement where a third party compensates lenders if the borrower defaults). The WG also suggests that digital products involving short term credits and deferred payments such as the Buy Now Pay Later (BNPL) models should be treated as BSL. While BNPL models are usually implemented with partners that are REs, the WG’s suggestion stems from the fact that this exposes the balance sheet of the entity offering BNPL, where it is treated as a deferred payment. Accordingly, the implementation of this suggestion would mean that BNPL can only be provided by REs, and not their partner LSPs.

    • Lending service providers

      LSPs are agents of BSLs who provide core and ancillary lending services such as customer acquisition, loan sourcing, underwriting support, pricing support, providing a marketplace for lenders as well as borrowers etc.

      When LSPs act in partnership with an RE, their activities are governed by the guidelines on outsourcing of financial services issued for banks/ NBFCs by the RBI. However, similar guidelines on outsourced activities by other BSLs are not in place, thus precluding the LSPs partnering with them from such compliance obligations. The Report therefore recommends that balance sheet lending through DLAs should be restricted to REs that are governed by guidelines on outsourcing issued by the RBI.

      The Report also raises concerns on the difficulty in overseeing the various entities involved in the lending process for weeding out fraudulent operators and addressing money laundering concerns. It recommends that:

      • RBI should develop a separate framework styled as Agency Financial Service Regulation for all customerfacing/fully outsourced activities of REs (e.g. contact centres, customer document management systems, etc. which may include LSP functions).
      • All transactions such as loan servicing, repayment, etc. should be executed directly in a bank account of the BSL without using any pass-through account/pool account of a third party. This measure seeks to increase transparency and avoid operational grey areas between LSPs and partnering BSLs. Further, the disbursements would always have to be made into the bank account of the borrower. This recommendation may affect models currently used in the market.
      • Use of pre-paid instruments (PPI) (cards/ wallets), in addition to bank accounts, may be permitted when full inter-operability among PPIs is implemented. However, loans can be disbursed to borrowers who have only a PPI account (but do not have a bank account) if such PPI accounts are fully KYC compliant. Further, any fees payable to LSPs as per the agreement with the lender, should be paid by the lenders and not received by the LSPs directly from the borrower. The Report also recommends tightening the rules governing payment transaction information. Additionally, entities considered critical to digital lending such as web aggregator of loan products should be considered as LSPs and be subjected to a code of conduct by the REs.
      • The LSP agreement for BSL needs to be as per a uniform model to be brought out by a Self-Regulatory Organisation (SRO), which should consist of LSPs and DLAs as members.
      • Digitally signed documents supporting important transactions through DLAs of REs, such as sanction letter, terms and conditions, account statements etc., should automatically flow to registered/verified email of the borrower upon execution of the transactions.

    Given the broad definition of LSPs, the Report shows a keen intent to ensure that the control of DLA lies in the hands of the RE and that LSPs do not have a free rein on the processes of the DLA outside of the RE’s supervision. If the proposed Agency Financial Service Regulation mentioned above comes into play, it is likely to have a notable impact on the relationship between LSPs and REs.

Download PDF to read more

Subscribe to our Knowledge Repository

If you would like to receive content directly in your inbox from our knowledge repository, please complete this subscription form. This service is reserved for clients and eligible contacts.


    Under the rules of the Bar Council of India, Trilegal is prohibited from soliciting work or advertising in any form or manner. By accessing this website,, you acknowledge that:

    • You are seeking information about Trilegal of your own accord and there has been no form of solicitation, advertisement or inducement by Trilegal or its members.
    • This website should not be construed as providing legal advice for any purpose.
    • All information, content, and materials available on this website are for general informational purposes only.
    • Any information obtained or material downloaded from this website is completely at the user’s volition, and any transmission, receipt or use of this website is not intended to, and will not, create any lawyer-client relationship.
    • Information on this website may not constitute the most up-to-date legal or other information. Trilegal is not liable for the consequences of any action taken by any person based on any material or information available on this website, or for any inaccuracy in or exclusion of any information or interpretation thereof.
    • Readers of this website or recipients of content or information available on this website should not act based on any or all such content or information, and should always seek advice of competent legal counsel licensed to practice in the appropriate jurisdiction.
    • Third party links contained on this website re-directing users to such third-party websites should neither be construed as legal reference / legal advice, nor considered as referrals to, endorsements of, or affiliations with, any such third party website operators.
    • The communication platform provided on this website should not be used for exchange of any confidential, business or politically sensitive information.
    • The contents of this website are the intellectual property of Trilegal.

    We prioritize your privacy. Before proceeding, we encourage you to read our privacy policy, which outlines the below, and terms of use to understand how we handle your data:

    • The types of information we collect and why we collect them.
    • How we use your information to provide a personalized experience.
    • The measures we take to ensure the security of your data.
    • Your rights and choices in managing your personal information.
    • How we may share information with trusted partners for specific purpose.

    For more information, please read our terms of use and our privacy policy.

    Up arrow